Article:
 |
|
Six Cool New JSP and Servlet Features
|
| Subject: |
|
<c:out/> and escaping |
| Date: |
|
2004-02-11 21:30:15 |
| From: |
|
pelletk
|
|
|
|
Thanks for the article - a good synopsis of highlights of the new features, and well-explained to boot.
I'd just like to point out that a bare EL statement such as ${foo} is not quite the equivalent of <c:out value='${foo]'/>
The distinction is that <c:out../> will escape XML characters by default (this can be turned off with escapeXml='false'), whereas ${foo} will leave the contents of foo untouched.
I've recently seen it suggested elsewhere that JSP 2.0 pages should replace all <c:out/> with ${...}. This could have serious side-effects if the content of the variables presented is not considered carefully with respect to escaping.
|
Showing messages 1 through 1 of 1.
-
<c:out/> and escaping
2004-02-12 10:14:45
bperry
[View]
Using Tomcat 5.x, include the following code in a JSP:
<c:set var="myValue" value="a tag </tag>" /><c:out value="${myValue}" /></ br>
${myValue}
This will produce the following browser output in the client:
a tag </tag></ br>a tag </tag>
Meaning that the client browser will output "</tag>" when the c:out element is used (because the "</ >" characters are escaped); however, including the EL statement in template text will cause the tag to be added to the underlying template code.